Presentation is loading. Please wait.

Presentation is loading. Please wait.

Metasploit assignment

Published byΚόρη Βουγιουκλάκης Modified over 5 years ago

Similar presentations

Presentation on theme: "Metasploit assignment"— Presentation transcript:

1 Metasploit assignment
Tools used Metasploit on Kali Metasploitable – intentional vulnerable Ubuntu package NMAP – used to get IP address Nessus – scanned for vulnerabilities Result Found many vulnerabilities Successfully exploited one that interested me Ahmed Alkaysi

2 Reconnaissance NMAP Nessus
Used NMAP within Metasploit to look for target machine Scanned with ‘-O’ arg to get OS info on a range of LAN IP addresses Successfully got the IP address of VM running Metasploitable, along with its running services Nessus Decided to use Nessus for vulnerability scans Launched Nessus outside of Metasploit Scanned target machine using basic scanner Exported results into ‘.nessus’ file Ahmed Alkaysi

3 Exploitation Loading ‘.nessus’ file Exploiting the vulnerabilities
Many Vulnerabilities! Loading ‘.nessus’ file Used ‘db_import’ in Metasploit to load the file exported from Nessus Typed ‘vulns’ to look at a list of vulnerabilities from the file Exploiting the vulnerabilities Found one sounding interesting: ‘Smiley Face Backdoor’ Used associated OSVDB ID: ‘73573’ in ‘search’ command to look for any modules specifically for that ID Found an exploit module in Metasploit Running the Exploit Started attack by entering ‘use’ + *returned module from search*, set ‘RHOST’ to target’s IP Run ‘exploit’ Was able to gain root access to target’s shell Success!! Ahmed Alkaysi

Download ppt "Metasploit assignment"

Similar presentations

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.

Part 2 Penetration Testing. Review 2-minute exercise: RECON ONLY Find 3x IP addresses at the U.S. Merchant Marine Academy Google: “U.S. Merchant Marine.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Offensive Security Part 1 Basics of Penetration Testing

Offensive Security Part 1 Basics of Penetration Testing
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Information Networking Security and Assurance Lab National Chung Cheng University 2004/03/031 A Real World Attack: wu-ftp Cao er kai ( 曹爾凱 )

Information Networking Security and Assurance Lab National Chung Cheng University 2004/03/031 A Real World Attack: wu-ftp Cao er kai ( 曹爾凱 )
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Penetration Testing.

Penetration Testing.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.

Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
4/13/2010.  CSS Meeting  Stephen Crane on Programming Contests  1pm  Building 8 room 345 05/11/10.

4/13/2010.  CSS Meeting  Stephen Crane on Programming Contests  1pm  Building 8 room /11/10.
EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.

EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.
CIS 450 – Network Security Chapter 3 – Information Gathering.

CIS 450 – Network Security Chapter 3 – Information Gathering.
COEN 350 Security Threats. Network Based Exploits Phases of an Attack  Reconnaissance  Scanning  Gaining Access  Expanding Access  Covering Tracks.

COEN 350 Security Threats. Network Based Exploits Phases of an Attack  Reconnaissance  Scanning  Gaining Access  Expanding Access  Covering Tracks.
Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.

Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.
MIS 5212.001 Week 1 Site:

MIS Week 1 Site:
Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.

Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.
Hands on with BackTrack Information gathering, scanning, simple exploits By Edison Carrick.

Hands on with BackTrack Information gathering, scanning, simple exploits By Edison Carrick.
Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications.

Network Assessment How intrusion techniques contribute to system/network security Network and system monitoring System mapping Ports, OS, applications.
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.

Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.

Similar presentations

Ads by Google